Organise license reporting per component

We do a license check at build time and the build aborts if we receive a license we are not familiar with. Since the number of libraries listed is very big, it is almost impossible to understand where does the dependency come from. It would be nice if the list

Acceptable   : descendants_tracker - 0.0.4 uses MIT - Acceptable license
Acceptable   : destroy - 1.0.4 uses MIT - Acceptable license
Acceptable   : detect-indent - 4.0.0 uses MIT - Acceptable license

could be changed to something like:

gitlab-rails:
  Acceptable   : descendants_tracker - 0.0.4 uses MIT - Acceptable license
  Acceptable   : destroy - 1.0.4 uses MIT - Acceptable license
  Acceptable   : detect-indent - 4.0.0 uses MIT - Acceptable license
software: 
   Dependency

/cc @balasankarc

added Internal label

changed milestone to %9.4

assigned to @balasankarc

I've got the basic code ready and will open necessary MRs after a little bit of polishing.

@marin Do we want an ordered list? The omnibus handles dependencies in a leaf-to-root manner. We can have that order if it is helpful for someone reviewing the output (to understand what library is handled first and what comes next etc.).

But, this means when we mention the dependency_licenses.json file in our docs, we will have to specify that it is a array of JSON objects (it needs to be ordered, hence an array), not a dict of JSON objects. I believe that is ok because we are anyway not gonna have "too many users" for that file.

At this time I think it is more important to have the list with dependencies than how they are ordered. So I would skip that for now.

@marin Upon rechecking I found out that the code I wrote already does it in an ordered manner. ¯\_(ツ)_/¯

I will open an MR and we can discuss the implementation details there.

Omnibus-side MR opened at https://dev.gitlab.org/gitlab/omnibus/merge_requests/2/

mentioned in merge request !1679 (merged)

closed via merge request !1679 (merged)

mentioned in commit 08158674